From 92f60a757214922776f8ad3a3178ce90cd7bb8d4 Mon Sep 17 00:00:00 2001 From: Adrian Cowan Date: Wed, 22 Oct 2025 22:02:25 +1100 Subject: [PATCH] Sort parts of the nomad intra into folders This should make finding things easier --- 2-nomad-config/1-data.tf | 54 +++++++++++++++++++ 2-nomad-config/{ => 1-data}/csi-smb.nomad.hcl | 0 2-nomad-config/1-data/csi-smb.tf | 5 ++ 2-nomad-config/1-data/main.tf | 25 +++++++++ 2-nomad-config/{ => 1-data}/pgadmin.nomad.hcl | 0 .../{ => 1-data}/pgbackup.nomad.hcl | 0 .../{ => 1-data}/postgres.nomad.hcl | 0 2-nomad-config/{ => 1-data}/postgres.tf | 16 ++---- 2-nomad-config/2-ingress.tf | 54 +++++++++++++++++++ .../{ => 2-ingress}/authelia.nomad.hcl | 0 2-nomad-config/{ => 2-ingress}/authelia.tf | 2 +- 2-nomad-config/2-ingress/main.tf | 33 ++++++++++++ .../{ => 2-ingress}/traefik.nomad.hcl | 0 2-nomad-config/{ => 2-ingress}/traefik.tf | 2 +- 2-nomad-config/main.tf | 10 ---- 15 files changed, 176 insertions(+), 25 deletions(-) create mode 100644 2-nomad-config/1-data.tf rename 2-nomad-config/{ => 1-data}/csi-smb.nomad.hcl (100%) create mode 100644 2-nomad-config/1-data/csi-smb.tf create mode 100644 2-nomad-config/1-data/main.tf rename 2-nomad-config/{ => 1-data}/pgadmin.nomad.hcl (100%) rename 2-nomad-config/{ => 1-data}/pgbackup.nomad.hcl (100%) rename 2-nomad-config/{ => 1-data}/postgres.nomad.hcl (100%) rename 2-nomad-config/{ => 1-data}/postgres.tf (69%) create mode 100644 2-nomad-config/2-ingress.tf rename 2-nomad-config/{ => 2-ingress}/authelia.nomad.hcl (100%) rename 2-nomad-config/{ => 2-ingress}/authelia.tf (92%) create mode 100644 2-nomad-config/2-ingress/main.tf rename 2-nomad-config/{ => 2-ingress}/traefik.nomad.hcl (100%) rename 2-nomad-config/{ => 2-ingress}/traefik.tf (96%) diff --git a/2-nomad-config/1-data.tf b/2-nomad-config/1-data.tf new file mode 100644 index 0000000..8eae448 --- /dev/null +++ b/2-nomad-config/1-data.tf @@ -0,0 +1,54 @@ + +module "data" { + source = "./1-data" +} + +data "nomad_plugin" "smb" { + plugin_id = "smb" + wait_for_healthy = true +} + +provider "postgresql" { + host = "jaglan-beta-m21.lan" + port = 5432 + database = "postgres" + username = "postgres" + password = data.sops_file.secrets.data["postgres.postgres"] + sslmode = "disable" + connect_timeout = 15 +} + +# csi-smb.tf + +moved { + from = nomad_job.csi-smb + to = module.data.nomad_job.csi-smb +} + +# postgres.tf + +moved { + from = nomad_job.postgres + to = module.data.nomad_job.postgres +} + +moved { + from = nomad_job.pgadmin + to = module.data.nomad_job.pgadmin +} + +moved { + from = nomad_job.pgbackup + to = module.data.nomad_job.pgbackup +} + +moved { + from = nomad_variable.postgres + to = module.data.nomad_variable.postgres +} + +moved { + from = nomad_csi_volume_registration.unraid_database_dump + to = module.data.nomad_csi_volume_registration.unraid_database_dump +} + diff --git a/2-nomad-config/csi-smb.nomad.hcl b/2-nomad-config/1-data/csi-smb.nomad.hcl similarity index 100% rename from 2-nomad-config/csi-smb.nomad.hcl rename to 2-nomad-config/1-data/csi-smb.nomad.hcl diff --git a/2-nomad-config/1-data/csi-smb.tf b/2-nomad-config/1-data/csi-smb.tf new file mode 100644 index 0000000..15b3604 --- /dev/null +++ b/2-nomad-config/1-data/csi-smb.tf @@ -0,0 +1,5 @@ + +resource "nomad_job" "csi-smb" { + jobspec = file("${path.module}/csi-smb.nomad.hcl") +} + diff --git a/2-nomad-config/1-data/main.tf b/2-nomad-config/1-data/main.tf new file mode 100644 index 0000000..77b9064 --- /dev/null +++ b/2-nomad-config/1-data/main.tf @@ -0,0 +1,25 @@ +terraform { + required_providers { + sops = { + source = "carlpett/sops" + version = "~> 0.5" + } + postgresql = { + source = "cyrilgdn/postgresql" + } + } +} + +provider "nomad" { + address = "http://jaglan-beta-m20.lan:4646" +} + +data "sops_file" "secrets" { + source_file = "secrets/secrets.enc.json" +} + +data "nomad_plugin" "smb" { + plugin_id = "smb" + wait_for_healthy = true +} + diff --git a/2-nomad-config/pgadmin.nomad.hcl b/2-nomad-config/1-data/pgadmin.nomad.hcl similarity index 100% rename from 2-nomad-config/pgadmin.nomad.hcl rename to 2-nomad-config/1-data/pgadmin.nomad.hcl diff --git a/2-nomad-config/pgbackup.nomad.hcl b/2-nomad-config/1-data/pgbackup.nomad.hcl similarity index 100% rename from 2-nomad-config/pgbackup.nomad.hcl rename to 2-nomad-config/1-data/pgbackup.nomad.hcl diff --git a/2-nomad-config/postgres.nomad.hcl b/2-nomad-config/1-data/postgres.nomad.hcl similarity index 100% rename from 2-nomad-config/postgres.nomad.hcl rename to 2-nomad-config/1-data/postgres.nomad.hcl diff --git a/2-nomad-config/postgres.tf b/2-nomad-config/1-data/postgres.tf similarity index 69% rename from 2-nomad-config/postgres.tf rename to 2-nomad-config/1-data/postgres.tf index 2ff6cf6..862280b 100644 --- a/2-nomad-config/postgres.tf +++ b/2-nomad-config/1-data/postgres.tf @@ -1,14 +1,14 @@ resource "nomad_job" "postgres" { - jobspec = file("postgres.nomad.hcl") + jobspec = file("${path.module}/postgres.nomad.hcl") rerun_if_dead = true } resource "nomad_job" "pgadmin" { - jobspec = file("pgadmin.nomad.hcl") + jobspec = file("${path.module}/pgadmin.nomad.hcl") } resource "nomad_job" "pgbackup" { - jobspec = file("pgbackup.nomad.hcl") + jobspec = file("${path.module}/pgbackup.nomad.hcl") } resource "nomad_variable" "postgres" { @@ -18,16 +18,6 @@ resource "nomad_variable" "postgres" { } } -provider "postgresql" { - host = "jaglan-beta-m21.lan" - port = 5432 - database = "postgres" - username = "postgres" - password = data.sops_file.secrets.data["postgres.postgres"] - sslmode = "disable" - connect_timeout = 15 -} - resource "nomad_csi_volume_registration" "unraid_database_dump" { #Note: Before chaning the definition of this volume you need to stop the jobs that are using it depends_on = [data.nomad_plugin.smb] diff --git a/2-nomad-config/2-ingress.tf b/2-nomad-config/2-ingress.tf new file mode 100644 index 0000000..a7421d6 --- /dev/null +++ b/2-nomad-config/2-ingress.tf @@ -0,0 +1,54 @@ + +module "ingress" { + source = "./2-ingress" +} + +# traefik.tf + +moved { + from = cloudflare_dns_record.othrayte-one + to = module.ingress.cloudflare_dns_record.othrayte-one +} + +moved { + from = cloudflare_dns_record.star-othrayte-one + to = module.ingress.cloudflare_dns_record.star-othrayte-one +} + +moved { + from = nomad_variable.traefik + to = module.ingress.nomad_variable.traefik +} + +moved { + from = nomad_job.traefik + to = module.ingress.nomad_job.traefik +} + +moved { + from = nomad_csi_volume_registration.unraid_appdata_traefik + to = module.ingress.nomad_csi_volume_registration.unraid_appdata_traefik +} + +# authelia.tf + +moved { + from = nomad_job.authelia + to = module.ingress.nomad_job.authelia +} + +moved { + from = postgresql_role.authelia + to = module.ingress.postgresql_role.authelia +} + +moved { + from = postgresql_database.authelia + to = module.ingress.postgresql_database.authelia +} + +moved { + from = nomad_variable.authelia + to = module.ingress.nomad_variable.authelia +} + diff --git a/2-nomad-config/authelia.nomad.hcl b/2-nomad-config/2-ingress/authelia.nomad.hcl similarity index 100% rename from 2-nomad-config/authelia.nomad.hcl rename to 2-nomad-config/2-ingress/authelia.nomad.hcl diff --git a/2-nomad-config/authelia.tf b/2-nomad-config/2-ingress/authelia.tf similarity index 92% rename from 2-nomad-config/authelia.tf rename to 2-nomad-config/2-ingress/authelia.tf index 309335b..4a6aa5e 100644 --- a/2-nomad-config/authelia.tf +++ b/2-nomad-config/2-ingress/authelia.tf @@ -1,5 +1,5 @@ resource "nomad_job" "authelia" { - jobspec = file("authelia.nomad.hcl") + jobspec = file("${path.module}/authelia.nomad.hcl") } resource "postgresql_role" "authelia" { diff --git a/2-nomad-config/2-ingress/main.tf b/2-nomad-config/2-ingress/main.tf new file mode 100644 index 0000000..6f3857e --- /dev/null +++ b/2-nomad-config/2-ingress/main.tf @@ -0,0 +1,33 @@ +terraform { + required_providers { + sops = { + source = "carlpett/sops" + version = "~> 0.5" + } + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 5" + } + postgresql = { + source = "cyrilgdn/postgresql" + } + } +} + +provider "nomad" { + address = "http://jaglan-beta-m20.lan:4646" +} + +data "sops_file" "secrets" { + source_file = "secrets/secrets.enc.json" +} + +provider "cloudflare" { + api_token = data.sops_file.secrets.data["cloudflare.api_token"] +} + +data "nomad_plugin" "smb" { + plugin_id = "smb" + wait_for_healthy = true +} + diff --git a/2-nomad-config/traefik.nomad.hcl b/2-nomad-config/2-ingress/traefik.nomad.hcl similarity index 100% rename from 2-nomad-config/traefik.nomad.hcl rename to 2-nomad-config/2-ingress/traefik.nomad.hcl diff --git a/2-nomad-config/traefik.tf b/2-nomad-config/2-ingress/traefik.tf similarity index 96% rename from 2-nomad-config/traefik.tf rename to 2-nomad-config/2-ingress/traefik.tf index 66d4a57..9904a06 100644 --- a/2-nomad-config/traefik.tf +++ b/2-nomad-config/2-ingress/traefik.tf @@ -27,7 +27,7 @@ resource "nomad_variable" "traefik" { } resource "nomad_job" "traefik" { - jobspec = templatefile("traefik.nomad.hcl", { + jobspec = templatefile("${path.module}/traefik.nomad.hcl", { hass_magic_token = nonsensitive(data.sops_file.secrets.data["hass.magic-token"]) }) } diff --git a/2-nomad-config/main.tf b/2-nomad-config/main.tf index c0079b7..ed4974d 100644 --- a/2-nomad-config/main.tf +++ b/2-nomad-config/main.tf @@ -32,15 +32,6 @@ provider "cloudflare" { api_token = data.sops_file.secrets.data["cloudflare.api_token"] } -resource "nomad_job" "csi-smb" { - jobspec = file("csi-smb.nomad.hcl") -} - -data "nomad_plugin" "smb" { - plugin_id = "smb" - wait_for_healthy = true -} - resource "nomad_scheduler_config" "config" { memory_oversubscription_enabled = true preemption_config = { @@ -51,4 +42,3 @@ resource "nomad_scheduler_config" "config" { } } -